@@ -87,14 +87,45 @@ export interface AutoEncryptionOptions {
8787 /** Configuration options for using 'aws' as your KMS provider */
8888 aws ?: {
8989 /** The access key used for the AWS KMS provider */
90- accessKeyId ? : string ;
90+ accessKeyId : string ;
9191 /** The secret access key used for the AWS KMS provider */
92- secretAccessKey ? : string ;
92+ secretAccessKey : string ;
9393 } ;
9494 /** Configuration options for using 'local' as your KMS provider */
9595 local ?: {
96- /** The master key used to encrypt/decrypt data keys. A 96-byte long Buffer. */
97- key ?: Buffer ;
96+ /**
97+ * The master key used to encrypt/decrypt data keys.
98+ * A 96-byte long Buffer or base64 encoded string.
99+ */
100+ key : Buffer | string ;
101+ } ;
102+ /** Configuration options for using 'azure' as your KMS provider */
103+ azure ?: {
104+ /** The tenant ID identifies the organization for the account */
105+ tenantId : string ;
106+ /** The client ID to authenticate a registered application */
107+ clientId : string ;
108+ /** The client secret to authenticate a registered application */
109+ clientSecret : string ;
110+ /**
111+ * If present, a host with optional port. E.g. "example.com" or "example.com:443".
112+ * This is optional, and only needed if customer is using a non-commercial Azure instance
113+ * (e.g. a government or China account, which use different URLs).
114+ * Defaults to "login.microsoftonline.com"
115+ */
116+ identityPlatformEndpoint ?: string | undefined ;
117+ } ;
118+ /** Configuration options for using 'gcp' as your KMS provider */
119+ gcp ?: {
120+ /** The service account email to authenticate */
121+ email : string ;
122+ /** A PKCS#8 encrypted key. This can either be a base64 string or a binary representation */
123+ privateKey : string | Buffer ;
124+ /**
125+ * If present, a host with optional port. E.g. "example.com" or "example.com:443".
126+ * Defaults to "oauth2.googleapis.com"
127+ */
128+ endpoint ?: string | undefined ;
98129 } ;
99130 } ;
100131 /**
0 commit comments